[nsp-sec] New IPV6 NDP issue (via cert)
William Allen Simpson
william.allen.simpson at gmail.com
Sat Oct 4 09:48:43 EDT 2008
Chris Morrow wrote:
> On Fri, 3 Oct 2008, David Freedman wrote:
>> Uh, isn't this just like ARP spoofing? is this really a new problem?
>
> seems like it yes, and naptha wasn't new either... I'm gonna release a
> paper on this at cansecwest (so I can see nico)... :)
>
One of the original stated reasons for moving from ARP to IP for Neighbor
Discovery was the ability to secure it. IP Security was required to be
implemented. Each endpoint was expected to have a configured secret or
certificate.

Sadly, IPv6 is a long, long way from our original vision of 15+ years ago.
I've washed my hands of it.

I hardly recognize ND, it has so many bags on the side. :-(